2 Replies Latest reply on Apr 12, 2017 2:16 AM by valsaraj viswanathan

    WFLY-3221 issue exists in WildFly 10.1.0

    valsaraj viswanathan Master

      Hi,

       

      The cache flush issue seems to be existing in WildFly 10.1.0.

      Ticket: [WFLY-3221] flushOnSessionInvalidation attribute in jboss-web.xml does not flush user credentials - JBoss Issue Tracker

      Here, fix version is 9 but still session invalidates but JAAS login with old password works using cache.

      If the code s wrtten in application to flush using session listener, it works.

      @WebListener

      public class CacheInvalidationSessionListener implements HttpSessionListener {

        @Resource(name = "java:jboss/jaas/appLDAP/authenticationMgr")

          private CacheableManager<?, Principal> cm;

       

       

        public CacheInvalidationSessionListener() {

       

        }

       

          @Override

          public void sessionCreated(HttpSessionEvent se) {

          }

       

       

          @Override

          public void sessionDestroyed(HttpSessionEvent se) {

              //we need to get the current account

              //there are two options here, we can look for the account in the current request

              //or we can look for the account that has been saved in the session

              //for maximum compatibility we do both

              ServletRequestContext src = ServletRequestContext.current();

              if (src != null) {

                  Account account = src.getExchange().getSecurityContext().getAuthenticatedAccount();

                  if (account != null) {

                      clearAccount(account);

                  }

              }

              if (se.getSession() instanceof HttpSessionImpl) {

                  final HttpSessionImpl impl = (HttpSessionImpl) se.getSession();

                  Session session;

                  if (WildFlySecurityManager.isChecking()) {

                      session = WildFlySecurityManager.doChecked(new PrivilegedAction<Session>() {

                          @Override

                          public Session run() {

                              return impl.getSession();

                          }

                      });

                  } else {

                      session = impl.getSession();

                  }

                  if (session != null) {

                      AuthenticatedSessionManager.AuthenticatedSession authenticatedSession = (AuthenticatedSessionManager.AuthenticatedSession) session.getAttribute(CachedAuthenticatedSessionHandler.class.getName() + ".AuthenticatedSession");

                      if(authenticatedSession != null) {

                          clearAccount(authenticatedSession.getAccount());

                      }

                  }

              }

          }

       

       

          private void clearAccount(Account account) {

              if (account instanceof AccountImpl) {

                  cm.flushCache(((AccountImpl) account).getOriginalPrincipal());

                  TolvenLogger.info(">>>>>>>>> CLEAR CACHE: " + ((AccountImpl) account).getOriginalPrincipal().getName(), this.getClass());

              }

             

              if (account != null) {

                  cm.flushCache(account.getPrincipal());

                  TolvenLogger.info(">>>>>>>>> CLEAR CACHE: " + account.getPrincipal().getName(), this.getClass());

              }

          }

      }

       

      Any suggestion on this issue?

       

      Thanks!